CVE-2024-0676

Summary

Weak password requirement vulnerability

in Lamassu Bitcoin ATM Douro machines, in its 7.1 version

, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.

Affected Software

VendorProductVersion RangeStatus
LamassuBitcoin ATM Douro machines7.1affected

Weaknesses

  • CWE-521: CWE-521 Weak Password Requirements

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References